def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        Four requirements, in order: the 'primary' kernel memory layer
        (Intel32 or Intel64), the 'darwin' symbol table, MacUtilities at
        version (1, 0, 0) and the lsmod plugin at version (1, 0, 0).
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    mac_symbols = requirements.SymbolTableRequirement(
        name="darwin",
        description="Mac kernel symbols",
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 0, 0),
    )
    lsmod_plugin = requirements.PluginRequirement(
        name='lsmod',
        plugin=lsmod.Lsmod,
        version=(1, 0, 0),
    )
    return [kernel_layer, mac_symbols, macutils_version, lsmod_plugin]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration for a YARA scan over Windows processes.

    Rules can be supplied three ways, all optional: inline as a string
    ('yara_rules'), as a source rule file ('yara_file'), or as a compiled
    rule file ('yara_compiled_file').

    Returns:
        The kernel layer and 'nt_symbols' table, the scan options
        ('wide', the three rule sources, 'max_size'), the pslist plugin
        and YaraScanner component dependencies, and an optional 'pid'
        filter, in that order.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description="Memory layer for the kernel",
        architectures=["Intel32", "Intel64"],
    )
    nt_symbols = requirements.SymbolTableRequirement(
        name="nt_symbols",
        description="Windows kernel symbols",
    )
    wide = requirements.BooleanRequirement(
        name="wide",
        description="Match wide (unicode) strings",
        default=False,
        optional=True,
    )
    rules_inline = requirements.StringRequirement(
        name="yara_rules",
        description="Yara rules (as a string)",
        optional=True,
    )
    rules_file = requirements.URIRequirement(
        name="yara_file",
        description="Yara rules (as a file)",
        optional=True,
    )
    # Compiled rules get their own option instead of being accepted through
    # 'yara_file'. This follows upstream YARA (3.9 and later), which considers
    # that compiled rules could potentially be used to execute malicious code,
    # so running them has to be an explicit choice. Only point this option at
    # compiled rule files that come from a source you trust.
    rules_compiled = requirements.URIRequirement(
        name="yara_compiled_file",
        description="Yara compiled rules (as a file)",
        optional=True,
    )
    # 0x40000000 == 2**30, the 1GB the description refers to.
    max_size = requirements.IntRequirement(
        name="max_size",
        default=0x40000000,
        description="Set the maximum size (default is 1GB)",
        optional=True,
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    scanner_version = requirements.VersionRequirement(
        name='yarascanner',
        component=yarascan.YaraScanner,
        version=(2, 0, 0),
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        element_type=int,
        description="Process IDs to include (all other processes are excluded)",
        optional=True,
    )
    return [
        kernel_layer,
        nt_symbols,
        wide,
        rules_inline,
        rules_file,
        rules_compiled,
        max_size,
        pslist_plugin,
        scanner_version,
        pid_filter,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of five requirements: the 'primary' kernel memory layer,
        the 'darwin' symbol table, MacUtilities at version (1, 1, 0), and
        the lsmod and kauth_scopes plugins, each at version (1, 0, 0).
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    mac_symbols = requirements.SymbolTableRequirement(
        name="darwin",
        description="Mac kernel",
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 1, 0),
    )
    lsmod_plugin = requirements.PluginRequirement(
        name='lsmod',
        plugin=lsmod.Lsmod,
        version=(1, 0, 0),
    )
    kauth_plugin = requirements.PluginRequirement(
        name='kauth_scopes',
        plugin=kauth_scopes.Kauth_scopes,
        version=(1, 0, 0),
    )
    return [
        kernel_layer,
        mac_symbols,
        macutils_version,
        lsmod_plugin,
        kauth_plugin,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of four requirements: the 'kernel' module (Intel32 or
        Intel64), MacUtilities at version (1, 0, 0), the pslist plugin at
        version (3, 0, 0) and an optional list of integer process IDs.
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Kernel module for the OS',
        architectures=["Intel32", "Intel64"],
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 0, 0),
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(3, 0, 0),
    )
    # element_type=int: the filter is declared as a list of integers.
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [kernel_module, macutils_version, pslist_plugin, pid_filter]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        Four requirements, in order: the Linux 'kernel' module (Intel32
        or Intel64), the pslist plugin at version (2, 0, 0),
        LinuxUtilities at version (2, 0, 0) and an optional list of
        integer process IDs.
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Linux kernel',
        architectures=["Intel32", "Intel64"],
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    linuxutils_version = requirements.VersionRequirement(
        name='linuxutils',
        component=linux.LinuxUtilities,
        version=(2, 0, 0),
    )
    # element_type=int: the filter is declared as a list of integers.
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [kernel_module, pslist_plugin, linuxutils_version, pid_filter]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of five requirements: the 'primary' kernel address space
        (Intel32 or Intel64), the 'darwin' symbol table, the pslist
        plugin at version (2, 0, 0), MacUtilities at version (1, 0, 0)
        and an optional list of integer process IDs.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Kernel Address Space',
        architectures=["Intel32", "Intel64"],
    )
    mac_symbols = requirements.SymbolTableRequirement(
        name="darwin",
        description="Mac Kernel",
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 0, 0),
    )
    # element_type=int: the filter is declared as a list of integers.
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [
        kernel_layer,
        mac_symbols,
        pslist_plugin,
        macutils_version,
        pid_filter,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Reads ``cls.pslist_methods`` for the process-listing choices; it must
    be indexable and non-empty, because element 0 is used as the default.

    Returns:
        A list of four requirements: the 'kernel' module (Intel32 or
        Intel64), MacUtilities at version (1, 1, 0), the optional
        'pslist_method' choice and an optional list of integer process
        IDs.
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Kernel module for the OS',
        architectures=["Intel32", "Intel64"],
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 1, 0),
    )
    # Choices are restricted to the class's own list of methods; the first
    # entry is what applies when the option is not given.
    listing_method = requirements.ChoiceRequirement(
        name='pslist_method',
        description='Method to determine for processes',
        choices=cls.pslist_methods,
        default=cls.pslist_methods[0],
        optional=True,
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [kernel_module, macutils_version, listing_method, pid_filter]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        Five requirements, in order: the pslist plugin at version
        (2, 0, 0), the modules plugin at version (1, 0, 0), DllList at
        version (2, 0, 0), the 'primary' kernel memory layer and the
        'nt_symbols' symbol table.
    """
    # TODO: a regex option on the name might be added later; otherwise
    #       nothing further is needed.
    # TODO: no CLI options from pslist, modules, or moddump are wanted here.
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    modules_plugin = requirements.PluginRequirement(
        name='modules',
        plugin=modules.Modules,
        version=(1, 0, 0),
    )
    dlllist_version = requirements.VersionRequirement(
        name='dlllist',
        component=dlllist.DllList,
        version=(2, 0, 0),
    )
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    nt_symbols = requirements.SymbolTableRequirement(
        name="nt_symbols",
        description="Windows kernel symbols",
    )
    return [
        pslist_plugin,
        modules_plugin,
        dlllist_version,
        kernel_layer,
        nt_symbols,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of four requirements: the Windows 'kernel' module (Intel32
        or Intel64), the optional 'physical' flag, PsList at version
        (2, 0, 0) and an optional list of integer process IDs.
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Windows kernel',
        architectures=["Intel32", "Intel64"],
    )
    # The default is taken from PsList rather than hard-coded here.
    physical_offsets = requirements.BooleanRequirement(
        name='physical',
        description='Display physical offsets instead of virtual',
        default=pslist.PsList.PHYSICAL_DEFAULT,
        optional=True,
    )
    # PsList is declared as a versioned component here, not as a plugin.
    pslist_version = requirements.VersionRequirement(
        name='pslist',
        component=pslist.PsList,
        version=(2, 0, 0),
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        element_type=int,
        description="Process ID to include (all other processes are excluded)",
        optional=True,
    )
    return [kernel_module, physical_offsets, pslist_version, pid_filter]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        Five requirements, in order: the 'primary' kernel memory layer
        (Intel32 or Intel64), the 'vmlinux' symbol table, the pslist
        plugin at version (1, 0, 0), LinuxUtilities at version (1, 0, 0)
        and an optional list of integer process IDs.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    linux_symbols = requirements.SymbolTableRequirement(
        name="vmlinux",
        description="Linux kernel symbols",
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(1, 0, 0),
    )
    linuxutils_version = requirements.VersionRequirement(
        name='linuxutils',
        component=linux.LinuxUtilities,
        version=(1, 0, 0),
    )
    # element_type=int: the filter is declared as a list of integers.
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [
        kernel_layer,
        linux_symbols,
        pslist_plugin,
        linuxutils_version,
        pid_filter,
    ]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration for a YARA scan over Windows processes.

    Rules can be supplied inline as a string ('yara_rules') or as a rule
    file ('yara_file'); both options are optional. This list declares no
    option for compiled rule files.

    Returns:
        The kernel layer and 'nt_symbols' table, the scan options
        ('wide', the two rule sources, 'max_size'), the pslist plugin and
        YaraScanner component dependencies, and an optional 'pid' filter,
        in that order.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description="Memory layer for the kernel",
        architectures=["Intel32", "Intel64"],
    )
    nt_symbols = requirements.SymbolTableRequirement(
        name="nt_symbols",
        description="Windows kernel symbols",
    )
    wide = requirements.BooleanRequirement(
        name="wide",
        description="Match wide (unicode) strings",
        default=False,
        optional=True,
    )
    rules_inline = requirements.StringRequirement(
        name="yara_rules",
        description="Yara rules (as a string)",
        optional=True,
    )
    rules_file = requirements.URIRequirement(
        name="yara_file",
        description="Yara rules (as a file)",
        optional=True,
    )
    # 0x40000000 == 2**30, the 1GB the description refers to.
    max_size = requirements.IntRequirement(
        name="max_size",
        default=0x40000000,
        description="Set the maximum size (default is 1GB)",
        optional=True,
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    scanner_version = requirements.VersionRequirement(
        name='yarascanner',
        component=yarascan.YaraScanner,
        version=(2, 0, 0),
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        element_type=int,
        description="Process IDs to include (all other processes are excluded)",
        optional=True,
    )
    return [
        kernel_layer,
        nt_symbols,
        wide,
        rules_inline,
        rules_file,
        max_size,
        pslist_plugin,
        scanner_version,
        pid_filter,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of five requirements: the 'primary' kernel memory layer
        (Intel32 or Intel64), the 'nt_symbols' symbol table, the optional
        'physical' flag, PsList at version (2, 0, 0) and an optional list
        of integer process IDs.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    nt_symbols = requirements.SymbolTableRequirement(
        name="nt_symbols",
        description="Windows kernel symbols",
    )
    # The default is taken from PsList rather than hard-coded here.
    physical_offsets = requirements.BooleanRequirement(
        name='physical',
        description='Display physical offsets instead of virtual',
        default=pslist.PsList.PHYSICAL_DEFAULT,
        optional=True,
    )
    # PsList is declared as a versioned component here, not as a plugin.
    pslist_version = requirements.VersionRequirement(
        name='pslist',
        component=pslist.PsList,
        version=(2, 0, 0),
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        element_type=int,
        description="Process ID to include (all other processes are excluded)",
        optional=True,
    )
    return [
        kernel_layer,
        nt_symbols,
        physical_offsets,
        pslist_version,
        pid_filter,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Reads ``cls.pslist_methods`` for the process-listing choices; it must
    be indexable and non-empty, because element 0 is used as the default.

    Returns:
        A list of five requirements: the 'primary' kernel memory layer
        (Intel32 or Intel64), the 'darwin' symbol table, MacUtilities at
        version (1, 1, 0), the optional 'pslist_method' choice and an
        optional list of integer process IDs.
    """
    kernel_layer = requirements.TranslationLayerRequirement(
        name='primary',
        description='Memory layer for the kernel',
        architectures=["Intel32", "Intel64"],
    )
    mac_symbols = requirements.SymbolTableRequirement(
        name="darwin",
        description="Mac kernel symbols",
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 1, 0),
    )
    # Choices are restricted to the class's own list of methods; the first
    # entry is what applies when the option is not given.
    listing_method = requirements.ChoiceRequirement(
        name='pslist_method',
        description='Method to determine for processes',
        choices=cls.pslist_methods,
        default=cls.pslist_methods[0],
        optional=True,
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        description='Filter on specific process IDs',
        element_type=int,
        optional=True,
    )
    return [
        kernel_layer,
        mac_symbols,
        macutils_version,
        listing_method,
        pid_filter,
    ]
def get_requirements(
    cls,
) -> List[interfaces.configuration.RequirementInterface]:
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        Five requirements, in order: the Windows 'kernel' module (Intel32
        or Intel64), the pslist plugin at version (2, 0, 0), the modules
        plugin at version (1, 0, 0), DllList at version (2, 0, 0) and the
        optional 'extensive' flag.
    """
    # TODO: a regex option on the name might be added later; otherwise
    #       nothing further is needed.
    # TODO: no CLI options from pslist, modules, or moddump are wanted here.
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Windows kernel',
        architectures=["Intel32", "Intel64"],
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    modules_plugin = requirements.PluginRequirement(
        name='modules',
        plugin=modules.Modules,
        version=(1, 0, 0),
    )
    dlllist_version = requirements.VersionRequirement(
        name='dlllist',
        component=dlllist.DllList,
        version=(2, 0, 0),
    )
    # Off by default: the physical-layer search is opt-in.
    extensive_search = requirements.BooleanRequirement(
        name="extensive",
        description="Search physical layer for version information",
        optional=True,
        default=False,
    )
    return [
        kernel_module,
        pslist_plugin,
        modules_plugin,
        dlllist_version,
        extensive_search,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of five requirements: the Windows 'kernel' module (Intel32
        or Intel64), the pslist plugin at version (2, 0, 0), Info at
        version (1, 0, 0), an optional list of integer process IDs and
        the optional 'dump' flag.
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Windows kernel',
        architectures=["Intel32", "Intel64"],
    )
    pslist_plugin = requirements.PluginRequirement(
        name='pslist',
        plugin=pslist.PsList,
        version=(2, 0, 0),
    )
    info_version = requirements.VersionRequirement(
        name='info',
        component=info.Info,
        version=(1, 0, 0),
    )
    pid_filter = requirements.ListRequirement(
        name='pid',
        element_type=int,
        description="Process ID to include (all other processes are excluded)",
        optional=True,
    )
    # Off by default, so extraction only happens when explicitly requested.
    # NOTE(review): whatever is extracted comes from the image under
    # analysis and is presumably best handled as untrusted - confirm
    # against the code that consumes this flag.
    dump_processes = requirements.BooleanRequirement(
        name='dump',
        description="Extract listed processes",
        default=False,
        optional=True,
    )
    return [
        kernel_module,
        pslist_plugin,
        info_version,
        pid_filter,
        dump_processes,
    ]
def get_requirements(cls):
    """Declare the configuration the enclosing class needs before it runs.

    Returns:
        A list of two requirements: the 'kernel' module (Intel32 or
        Intel64) and MacUtilities at version (1, 0, 0).
    """
    kernel_module = requirements.ModuleRequirement(
        name='kernel',
        description='Kernel module for the OS',
        architectures=["Intel32", "Intel64"],
    )
    macutils_version = requirements.VersionRequirement(
        name='macutils',
        component=mac.MacUtilities,
        version=(1, 0, 0),
    )
    return [kernel_module, macutils_version]